FBI shuts down 15 DDoS-for-hire “booter” sites

The FBI seized 15 internet domains associated with DDoS-for-hire services and announced criminal charges against three individuals charged with operating the platforms.

On Dec. 19 the FBI seized the domains of 15 “booter” services, named as such because they result in “booting” or dropping the targeted sites from the internet, that allowed paying users to launch DDoS attacks against financial institutions, universities, internet service providers, government systems, and various gaming platforms, according to a Dec. 20 DoJ press release.

“DDoS for hire services such as these pose a significant national threat,” U.S. Attorney Bryan Schroder said. “Coordinated investigations and prosecutions such as these demonstrate the importance of cross-District collaboration and coordination with public sector partners.”

Authorities charged Matthew Gatrel, 30, of St. Charles, Ill., and Juan Martinez, 25, of Pasadena, Calif., with conspiring to violate the Computer Fraud and Abuse Act through the operation of their DDoS-for-hire service sites, known as Downthem and Ampnode.

According to the release, Downthem’s database showed over 2000 customer subscriptions, and the service had been used to conduct, or attempt to conduct, over 200,000 DDoS attacks between October 2014 and November 2018.

David Bukoski, 23, of Hanover Township, Pa., was also charged with operating another site, “Quantum Stresser,” which was one of the longest-running DDoS services in operation, authorities said.

Quantum had more than 80,000 customer subscriptions and in 2018 was used to launch over 50,000 actual or attempted DDoS attacks targeting victims across the globe.

The FBI worked with industry and law enforcement partners to identify and prosecute the alleged threat actors and noted that booter services like these have become an increasingly prevalent class of DDoS attack tools.